Design considerations

Jitsi Meet uses XMPP for signalling, thus the need for the XMPP server. The setup provided
by these containers does not expose the XMPP server to the outside world. Instead, it's kept
completely sealed, and routing of XMPP traffic only happens on a user defined network.

The XMPP server can be exposed to the outside world, but that's out of the scope of this
project.

Configuration

The configuration is performed via environment variables contained in a .env file. You
can copy the provided env.example file as a reference.

IMPORTANT: At the moment, configuration is not regenerated on every container boot, so
if you make any changes to your .env file, make sure you remove the configuration directory
before starting your containers again.

Variable

Description

Example

CONFIG

Directory where all configuration will be stored

/opt/jitsi-meet-cfg

TZ

System Time Zone

Europe/Amsterdam

HTTP_PORT

Exposed port for HTTP traffic

8000

HTTPS_PORT

Exposed port for HTTPS traffic

8443

DOCKER_HOST_ADDRESS

IP address of the Docker host, needed for LAN environments

192.168.1.1

NOTE: The mobile apps won't work with self-signed certificates (the default)
see below for instructions on how to obtain a proper certificate with Let's Encrypt.

Let's Encrypt configuration

If you plan on exposing this container setup to the outside traffic directly and
want a proper TLS certificate, you are in luck because Let's Encrypt support is
built right in. Here are the required options:

Authentication

Authentication can be controlled with the environment variables below. If guest
access is enabled, unauthenticated users will need to wait until a user authenticates
before they can join a room. If guest access is not enabled, every user will need
to authenticate before they can join.

Variable

Description

Example

ENABLE_AUTH

Enable authentication

1

ENABLE_GUESTS

Enable guest access

1

Users must be created with the prosodyctl utility in the prosody container.
In order to do that, first execute a shell in the corresponding container:

Disable the additional harvester which allows video over TCP (rather than just UDP)

true

JVB_TCP_PORT

TCP port for media used by Jitsi Videobridge when the TCP Harvester is enabled

4443

JVB_BREWERY_MUC

MUC name for the JVB pool

jvbbrewery

JVB_ENABLE_APIS

Comma separated list of JVB APIs to enable

none

JIGASI_XMPP_USER

XMPP user for Jigasi MUC client connections

jigasi

JIGASI_XMPP_PASSWORD

XMPP password for Jigasi MUC client connections

passw0rd

JIGASI_BREWERY_MUC

MUC name for the Jigasi pool

jigasibrewery

JIGASI_PORT_MIN

Minimum port for media used by Jigasi

20000

JIGASI_PORT_MAX

Maximum port for media used by Jigasi

20050

DISABLE_HTTPS

Disable HTTPS, this can be useful if TLS connections are going to be handled outside of this setup

1

ENABLE_HTTP_REDIRECT

Redirects HTTP traffic to HTTPS

1

Running on a LAN environment

If running in a LAN environment (as well as on the public Internet, via NAT) is a requirement,
the DOCKER_HOST_ADDRESS should be set. This way, the Videobridge will advertise the IP address
of the host running Docker instead of the internal IP address that Docker assigned it, thus making ICE
succeed.

The public IP address is discovered via STUN. STUN servers can be specified with the JVB_STUN_SERVERS
option.